Refresh patches

debian/patches/008_login_log_failure_in_FTMP

@@ -6,7 +6,7 @@ Notes:
 
 --- a/src/login.c
 +++ b/src/login.c
-@@ -849,6 +849,24 @@
+@@ -829,6 +829,24 @@
  			(void) puts ("");
  			(void) puts (_("Login incorrect"));
  
@@ -33,15 +33,15 @@ Notes:
  				         "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
 --- a/lib/getdef.c
 +++ b/lib/getdef.c
-@@ -60,7 +60,6 @@
+@@ -38,7 +38,6 @@
  	{"ENVIRON_FILE", NULL},			\
  	{"ENV_TZ", NULL},			\
  	{"FAILLOG_ENAB", NULL},			\
 -	{"FTMP_FILE", NULL},			\
+ 	{"HMAC_CRYPTO_ALGO", NULL},		\
  	{"ISSUE_FILE", NULL},			\
  	{"LASTLOG_ENAB", NULL},			\
- 	{"LOGIN_STRING", NULL},			\
-@@ -91,6 +90,7 @@
+@@ -80,6 +79,7 @@
  	{"ERASECHAR", NULL},
  	{"FAIL_DELAY", NULL},
  	{"FAKE_SHELL", NULL},

debian/patches/401_cppw_src.dpatch

@@ -248,7 +248,7 @@
 +
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
-@@ -33,6 +33,7 @@
+@@ -34,6 +34,7 @@
  bin_PROGRAMS  += su
  endif
  usbin_PROGRAMS = \
@@ -256,17 +256,17 @@
  	chgpasswd \
  	chpasswd \
  	groupadd \
-@@ -101,6 +102,7 @@
+@@ -102,6 +103,7 @@
  chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
  chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
  chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
 +cppw_LDADD     = $(LDADD) $(LIBSELINUX) $(LIBAUDIT)
  expiry_LDADD = $(LDADD) $(LIBECONF)
  gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
- groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+ groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
 --- a/po/POTFILES.in
 +++ b/po/POTFILES.in
-@@ -90,6 +90,7 @@
+@@ -91,6 +91,7 @@
  src/chgpasswd.c
  src/chpasswd.c
  src/chsh.c

debian/patches/429_login_FAILLOG_ENAB

@@ -9,7 +9,7 @@ Note: It could be removed if pam_tally could report the number of failures
 
 --- a/src/login.c
 +++ b/src/login.c
-@@ -136,9 +136,9 @@
+@@ -114,9 +114,9 @@
  #endif
  			);
  
@@ -20,7 +20,7 @@ Note: It could be removed if pam_tally could report the number of failures
  static void bad_time_notify (void);
  static void check_nologin (bool login_to_root);
  #else
-@@ -809,6 +809,9 @@
+@@ -789,6 +789,9 @@
  				SYSLOG ((LOG_NOTICE,
  				         "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
  				         failcount, fromhost, failent_user));
@@ -30,7 +30,7 @@ Note: It could be removed if pam_tally could report the number of failures
  				fprintf (stderr,
  				         _("Maximum number of tries exceeded (%u)\n"),
  				         failcount);
-@@ -826,6 +829,14 @@
+@@ -806,6 +809,14 @@
  				         pam_strerror (pamh, retcode)));
  				failed = true;
  			}
@@ -45,7 +45,7 @@ Note: It could be removed if pam_tally could report the number of failures
  
  			if (!failed) {
  				break;
-@@ -849,6 +860,10 @@
+@@ -829,6 +840,10 @@
  			(void) puts ("");
  			(void) puts (_("Login incorrect"));
  
@@ -56,7 +56,7 @@ Note: It could be removed if pam_tally could report the number of failures
  			if (getdef_str("FTMP_FILE") != NULL) {
  #ifdef USE_UTMPX
  				struct utmpx *failent =
-@@ -1305,6 +1320,7 @@
+@@ -1299,6 +1314,7 @@
  		 */
  #ifndef USE_PAM
  		motd ();	/* print the message of the day */
@@ -64,7 +64,7 @@ Note: It could be removed if pam_tally could report the number of failures
  		if (   getdef_bool ("FAILLOG_ENAB")
  		    && (0 != faillog.fail_cnt)) {
  			failprint (&faillog);
-@@ -1317,6 +1333,7 @@
+@@ -1311,6 +1327,7 @@
  				         username, (int) faillog.fail_cnt));
  			}
  		}
@@ -74,7 +74,7 @@ Note: It could be removed if pam_tally could report the number of failures
  		    && (ll.ll_time != 0)) {
 --- a/lib/getdef.c
 +++ b/lib/getdef.c
-@@ -89,6 +89,7 @@
+@@ -78,6 +78,7 @@
  	{"ENV_SUPATH", NULL},
  	{"ERASECHAR", NULL},
  	{"FAIL_DELAY", NULL},

debian/patches/463_login_delay_obeys_to_PAM

@@ -9,15 +9,15 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
 
 --- a/src/login.c
 +++ b/src/login.c
-@@ -536,7 +536,6 @@
- #if defined(HAVE_STRFTIME) && !defined(USE_PAM)
+@@ -514,7 +514,6 @@
+ #if !defined(USE_PAM)
  	char ptime[80];
  #endif
 -	unsigned int delay;
  	unsigned int retries;
  	bool subroot = false;
  #ifndef USE_PAM
-@@ -561,6 +560,7 @@
+@@ -539,6 +538,7 @@
  	pid_t child;
  	char *pam_user = NULL;
  #else
@@ -25,7 +25,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  	struct spwd *spwd = NULL;
  #endif
  	/*
-@@ -723,7 +723,6 @@
+@@ -703,7 +703,6 @@
  	}
  
  	environ = newenvp;	/* make new environment active */
@@ -33,7 +33,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  	retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
  
  #ifdef USE_PAM
-@@ -739,8 +738,7 @@
+@@ -719,8 +718,7 @@
  
  	/*
  	 * hostname & tty are either set to NULL or their correct values,
@@ -43,7 +43,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  	 *
  	 * PAM_RHOST and PAM_TTY are used for authentication, only use
  	 * information coming from login or from the caller (e.g. no utmp)
-@@ -749,10 +747,6 @@
+@@ -729,10 +727,6 @@
  	PAM_FAIL_CHECK;
  	retcode = pam_set_item (pamh, PAM_TTY, tty);
  	PAM_FAIL_CHECK;
@@ -54,7 +54,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  	/* if fflg, then the user has already been authenticated */
  	if (!fflg) {
  		unsigned int failcount = 0;
-@@ -793,12 +787,6 @@
+@@ -773,12 +767,6 @@
  			bool failed = false;
  
  			failcount++;
@@ -67,7 +67,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  
  			retcode = pam_authenticate (pamh, 0);
  
-@@ -1121,14 +1109,17 @@
+@@ -1114,14 +1102,17 @@
  		free (username);
  		username = NULL;
  
@@ -87,7 +87,7 @@ Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
  
 --- a/lib/getdef.c
 +++ b/lib/getdef.c
-@@ -88,7 +88,6 @@
+@@ -77,7 +77,6 @@
  	{"ENV_PATH", NULL},
  	{"ENV_SUPATH", NULL},
  	{"ERASECHAR", NULL},

debian/patches/501_commonio_group_shadow

@@ -4,7 +4,7 @@ Fixes: #166793
 
 --- a/lib/commonio.c
 +++ b/lib/commonio.c
-@@ -44,6 +44,7 @@
+@@ -21,6 +21,7 @@
  #include <errno.h>
  #include <stdio.h>
  #include <signal.h>
@@ -12,7 +12,7 @@ Fixes: #166793
  #include "nscd.h"
  #include "sssd.h"
  #ifdef WITH_TCB
-@@ -986,12 +987,23 @@
+@@ -978,12 +979,23 @@
  			goto fail;
  		}
  	} else {
@@ -38,7 +38,7 @@ Fixes: #166793
  	snprintf (buf, sizeof buf, "%s+", db->filename);
 --- a/lib/sgroupio.c
 +++ b/lib/sgroupio.c
-@@ -229,7 +229,7 @@
+@@ -206,7 +206,7 @@
  #ifdef WITH_SELINUX
  	NULL,			/* scontext */
  #endif
@@ -49,7 +49,7 @@ Fixes: #166793
  	NULL,			/* head */
 --- a/lib/shadowio.c
 +++ b/lib/shadowio.c
-@@ -105,7 +105,7 @@
+@@ -82,7 +82,7 @@
  #ifdef WITH_SELINUX
  	NULL,			/* scontext */
  #endif				/* WITH_SELINUX */

debian/patches/505_useradd_recommend_adduser

@@ -6,7 +6,7 @@ Status wrt upstream: Debian specific patch.
 
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -107,6 +107,12 @@
+@@ -83,6 +83,12 @@
    <refsect1 id='description'>
      <title>DESCRIPTION</title>
        <para>
@@ -21,7 +21,7 @@ Status wrt upstream: Debian specific patch.
  	the values specified on the command line plus the default values from
 --- a/man/userdel.8.xml
 +++ b/man/userdel.8.xml
-@@ -83,6 +83,12 @@
+@@ -59,6 +59,12 @@
    <refsect1 id='description'>
      <title>DESCRIPTION</title>
      <para>

debian/patches/506_relaxed_usernames

@@ -17,7 +17,7 @@ Details:
 
 --- a/libmisc/chkname.c
 +++ b/libmisc/chkname.c
-@@ -54,6 +54,7 @@
+@@ -31,6 +31,7 @@
  		return true;
  	}
  
@@ -25,7 +25,7 @@ Details:
  	/*
  	 * User/group names must match [a-z_][a-z0-9_-]*[$]
  	 */
-@@ -73,6 +74,26 @@
+@@ -50,6 +51,26 @@
  			return false;
  		}
  	}
@@ -54,7 +54,7 @@ Details:
  }
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -662,12 +662,20 @@
+@@ -651,12 +651,20 @@
      </para>
  
      <para>
@@ -78,7 +78,7 @@ Details:
    </refsect1>
 --- a/man/groupadd.8.xml
 +++ b/man/groupadd.8.xml
-@@ -273,12 +273,18 @@
+@@ -265,12 +265,18 @@
     <refsect1 id='caveats'>
       <title>CAVEATS</title>
       <para>

debian/patches/542_useradd-O_option

@@ -7,21 +7,21 @@ Status wrt upstream: not included as this is just specific
 
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -341,6 +341,11 @@
- 	    databases are reset to avoid reusing the entry from a previously
- 	    deleted user.
+@@ -302,6 +302,11 @@
+ 	    <option>-K</option>&nbsp;<replaceable>UID_MIN</replaceable>=<replaceable>100</replaceable>&nbsp;
+ 	    <option>-K</option>&nbsp;<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
  	  </para>
 +          <para>
 +            For the compatibility with previous Debian's
 +            <command>useradd</command>, the <option>-O</option> option is
 +            also supported.
 +          </para>
- 	</listitem>
-       </varlistentry>
-       <varlistentry>
+ 	  <!--para>
+ 	    Note: <option>-K</option>&nbsp;<replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
+ 	    doesn't work yet.
 --- a/src/useradd.c
 +++ b/src/useradd.c
-@@ -1143,9 +1143,9 @@
+@@ -1219,9 +1219,9 @@
  		};
  		while ((c = getopt_long (argc, argv,
  #ifdef WITH_SELINUX
@@ -33,7 +33,7 @@ Status wrt upstream: not included as this is just specific
  #endif				/* !WITH_SELINUX */
  		                         long_options, NULL)) != -1) {
  			switch (c) {
-@@ -1274,6 +1274,7 @@
+@@ -1350,6 +1350,7 @@
  				kflg = true;
  				break;
  			case 'K':